Thread: Grant tables cascade to sequence?

Grant tables cascade to sequence?

From
Rural Hunter
Date:
Hi,

I encounter the same issue often: Granted update/insert to an user but
forgot to grant it on the related sequence. It's hard to understand that
an user has write access on table but not on necessary sequences. I
think the grant on tables should cascade to related sequences. What do
you think?


Re: Grant tables cascade to sequence?

From
Albe Laurenz
Date:
Rural Hunter wrote:
> I encounter the same issue often: Granted update/insert to an user but
> forgot to grant it on the related sequence. It's hard to understand that
> an user has write access on table but not on necessary sequences. I
> think the grant on tables should cascade to related sequences. What do
> you think?

I think that would make sense.

To me this seems related to the case where table B has a
foreign key to table A with cascading delete or update.
If a user has privileges on A, he or she can change values in
B without having any privileges on B.

Yours,
Laurenz Albe


Re: Grant tables cascade to sequence?

From
Craig James
Date:
On Thu, Mar 28, 2013 at 10:56 PM, Rural Hunter <ruralhunter@gmail.com> wrote:
Hi,

I encounter the same issue often: Granted update/insert to an user but forgot to grant it on the related sequence. It's hard to understand that an user has write access on table but not on necessary sequences. I think the grant on tables should cascade to related sequences. What do you think?

Wouldn't it make more sense for the grant on the table to fail with an appropriate error message?  That would solve your problem, and it wouldn't be making security assumptions.  Cascading permissions seems like a recipe for trouble.

Craig